Incident Response Plan
This plan defines how Ouva identifies, triages, and resolves security and operational incidents.
Reporting
Section titled “Reporting”Incidents can be reported through:
- `security@ouva.co` for suspected security events
- `help@ouva.co` for operational incidents and urgent support needs
Reports should include observed behavior, affected systems, timestamp, and any immediate risks.
Severity Levels
Section titled “Severity Levels”Suspicious
Section titled “Suspicious”Potentially abnormal behavior with no confirmed compromise or impact yet. Requires investigation on the standard operational cadence.
High Risk
Section titled “High Risk”Credible threat or confirmed control weakness with likely material impact if not addressed quickly. Requires accelerated triage and responder coordination.
Critical
Section titled “Critical”Confirmed active compromise or major service-impacting event with customer or business harm. Requires immediate incident command and continuous response until stabilized.
Response Lifecycle
Section titled “Response Lifecycle”- Detect and triage: Validate report, classify severity, and assign incident owner.
- Contain: Limit spread, isolate affected systems, and preserve evidence.
- Eradicate and remediate: Remove root cause and apply corrective controls.
- Recover: Restore services and monitor for recurrence.
- Review: Run post-incident analysis and track follow-up actions.
Communications
Section titled “Communications”- Internal communications follow need-to-know access and approved secure channels.
- Customer and partner notifications are coordinated based on contractual and legal requirements.
- Regulatory and legal reporting is handled with external advisors when required.
Post-Incident Improvement
Section titled “Post-Incident Improvement”- Every High Risk and Critical incident receives a documented post-mortem.
- Root-cause and corrective actions are tracked to completion.
- Response procedures are reviewed periodically through scenario-based exercises and updated based on findings.
For operational monitoring and alerting capabilities, see Uptime, Availability & Monitoring.